How to Secure Your Cryptocurrency: Nano
Owning cryptocurrencies can be scary at first and many are understandably put off by the complexity. Moving away from a system you already know and trust can be intimidating for sure. It’s not a joke that being your own bank comes with certain responsibilities, but don’t let fear lock you out from one of the greatest inventions and extensions of human rights in modern times. If you want to take a leap into this technology or are just curious, let’s get started.
In this article, I will outline the different possibilities you have for storing your own (maybe your first) cryptocurrency in a responsible manner. I will solely be focusing on the cryptocurrency Nano because it’s a great example of where simplicity meets security. It is also very accessible, with a wide range of secure storage options for all common platforms. Finally, it is also remarkably fast, feeless and fun to play around with. Nonetheless, the topics discussed below can be applied to many other cryptocurrencies.
In order to own any currency, digital or physical, you need somewhere to store it. With cryptocurrencies, the method of storage is referred to as a ‘wallet’, which can consist of one or many accounts. The role of the account is to keep track of what is yours, and the wallet (a locked safe) is secured by a private key or seed. To use wallets, you do not need a deep understanding of the underlying technology in question. As an analogy, you use aeroplanes with knowledge of the concepts of flight, but no expertise in jet propulsion.
However, to use wallets in the most suitable way it’s important to understand the difference between security and convenience. People have different purposes for dealing with cryptocurrencies. Some will only trade and speculate, others will use it for purchases, as a store of value or in business; in some countries, people may live and depend on it, because other systems have failed or have become obsolete. Storing long term will, and should, call for a different balance of security and convenience than using it on a daily basis. It’s extremely difficult or maybe impossible to have both optimized at the same time. Also, many will choose to use more than one solution. That is why I will structure the wallet solutions along this scale, from the one with the highest convenience at the top to the one with the strongest security at the bottom.
One thing to keep in mind is that your Nano is safe at a protocol level in whichever method you choose. A third-party security audit has even been made for the network. When I refer to insecurity I mean the possibility of someone else getting access to your password and account, and also the possibility that a hack of an online service could prevent you from accessing funds or making transactions. Hence, the most important thing left for you to do is to keep a backup of the seed and of any password protecting a wallet solution, and to store them safely.
The seed is your last resort and should be stored offline and even outside anything that runs on electricity. If you’re not familiar with this technology you might think that your “coins” are stored in some data file in your wallet and losing that will be the end of it. That is very far from the truth, with a system like Nano where your accounts are synced over the whole network in a decentralized manner. The very basic principle is that your seed can be imported to any other wallet solution to unlock your accounts with exactly the same balance for immediate access.
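Why a seed restores the same accounts in any wallet, as an added example (not code from the article or from any Nano wallet): Nano derives each account's private key deterministically as blake2b-256 of the seed followed by a 32-bit big-endian account index. The function names and the sample seed are constructed for illustration, and the further step from private key to public address (Ed25519 with blake2b) is left out.

```python
import hashlib
import hmac
import secrets
import string

# Constructed sample seed for illustration only; never use a known seed for funds.
SAMPLE_SEED = "AB" * 32


def new_seed():
    """Create a 32-byte seed from the OS CSPRNG, shown as 64 hex characters."""
    return secrets.token_bytes(32).hex().upper()


def parse_seed(text):
    """Validate a seed typed back from a paper backup; return its 32 raw bytes."""
    cleaned = "".join(text.split())  # tolerate spaces and line breaks on paper
    if len(cleaned) != 64 or any(c not in string.hexdigits for c in cleaned):
        raise ValueError("a Nano seed is exactly 64 hexadecimal characters")
    return bytes.fromhex(cleaned)


def private_key(seed_hex, index):
    """Account private key = blake2b-256(seed || index as 32-bit big-endian)."""
    data = parse_seed(seed_hex) + index.to_bytes(4, "big")
    return hashlib.blake2b(data, digest_size=32).hexdigest().upper()


def restore_accounts(seed_hex, count=3):
    """What any wallet does on import: re-derive the keys for accounts 0..count-1."""
    return [private_key(seed_hex, i) for i in range(count)]


def backup_matches(seed_hex, typed_back):
    """Check a paper copy against the original; malformed input simply fails."""
    try:
        return hmac.compare_digest(parse_seed(seed_hex), parse_seed(typed_back))
    except ValueError:
        return False
```

Nothing in the derivation depends on a wallet file or on the device, which is why the backup of the seed, and not the wallet application, is what has to survive.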
Disclaimer: Wallets mentioned are grouped into the corresponding type of implementation and are rated as such, with all known attack surfaces taken into consideration. There might be individual wallets in each group that stand out with exceptional security but that will not be part of this analysis, which has a more general approach.
An exchange will be the first entry point for many. It’s always online with immediate access and you can buy/sell at any time. Perfect, you may think. Yes, it’s convenient and yes, many exchanges have great security with two-factor authentication, strong passwords, email verification, etc. Is it a good choice for storage? No. Exchanges have been hacked, frozen, shut down or worse in the past and such an event will most likely happen again. This is not the place you want to stay long-term with any great amount. Use it for trading, nothing else. In the case of Nano, moving off exchanges also helps with the protocol decentralization.
- Pros: Medium accessibility, direct trading/speculation
- Cons: Security concern, coins not really yours (you don’t own the seed), centralized
- Precautions: Use every security measure available, such as 2FA, email verification (with logged in IP number), strong password, extra password, etc.
- Author recommendation: Binance.com
A convenient way to use cryptocurrency in daily life is of course from the device you always have with you, the smartphone. Just grab it from your pocket, scan a QR code and the transaction is sent in a matter of seconds. While security is good, it’s also limited by how secure a smartphone can be. To mention a few drawbacks (depending on how the wallet is set up): someone can look over your shoulder while you type the password, a device can be stolen or lost, or someone might scan your finger or face while you are asleep (if not using a password). Use it with common sense.
- Pros: Superior accessibility, speed, simplicity
- Cons: Security limited by how a smartphone works and is used
- Precautions: Save the Nano seed elsewhere. Store only what you need in a short time frame, use a wallet password or enable biometric authentication. Make sure your phone is locked as well when you don’t use it.
- Author recommendation: Natrium, Canoe, NanoBlocks, NanoWalletCompany
Web wallets are another convenient method of storing your Nano, and carry a similar level of risk as mobile wallets (or slightly worse), as they favour convenience over extra security. Nanowallet.io stores data (encrypted) on a remote server and uses 2FA while Nanovault.io stores data in your own browser and does not need 2FA. Nanovault.io can also be set to erase all data on browser exit. Web wallets are slightly more convenient than desktop as you don’t need a specific computer but arguably slightly less secure.
- Pros: Accessibility from anywhere, even from mobile
- Cons: Any online service can be taken offline, or in the worst case hacked, possibly leaking your seed.
- Precautions: Do not store your life savings here. Use 2FA when possible. Keep your seed safe offline.
- Author recommendation: Nanowallet.io, Nanovault.io
A desktop wallet is an application you run on your personal computer. On a computer that is free from malware, it is reasonable to assume that security should generally be higher with a desktop wallet. Out of the many recommended anti-malware applications, Malwarebytes is widely recommended, even the basic free version.
- Pros: Medium accessibility, security
- Cons: A computer can be stolen, malware
- Precautions: Do not store your life savings here. Use a safe computer with protection against malware. Keep your seed safe offline. Be aware of key-loggers and activated remote desktop / TeamViewer. Use a password for the wallet. Also try to encrypt the hard drive (which is trivial on macOS), which serves as additional protection against computer theft.
- Author recommendation: Canoe, Nanollet, Dev Wallet, Nanovault.io
Now we step into the realm of real security. Nano supports the use of the Ledger Nano S. This is a USB device with optimized security and its own display. While it is commonly known as unhackable, it’s still convenient enough for repeated transactions. Just plug it into a computer, enter an 8 digit PIN and transact. At the time of writing, the Ledger Nano S is supported by the nanovault.io web wallet, with more support expected across the range of other wallets. The Nano seed is secured inside the device, whose own 24-word passphrase is written down elsewhere upon initialization. There is no seed exposure on a monitor, internet or keyboard. This is where you can safely store large amounts of cryptocurrency, worry-free, as long as you follow basic good practice when considering security. For instructions, see this detailed guide.
There is also this really good guide written by Ledger themselves on how to handle your wallet.
- Pros: Strongest security with balanced accessibility. Seed never leaves the device and transaction is physically confirmed with a device button.
- Cons: You have to pay for it. Absolutely worth it though, price here.
- Precautions: Write down the device passphrase on paper, never store it digitally, not even in a password manager! Choose a secure PIN. The device will reset after 3 failed PIN attempts to stop hacking attempts. Before sending anything to the device, I urge you to reset it to initialize a full recovery process, to ensure that if the worst happens, you can get back to your coins. It’s an excellent exercise to verify the passphrase you wrote down and you can then put it away knowing it will work 100%. Keep that paper (or two) as far away as possible from the device itself to secure against theft, fire and aliens. That way you can retrieve your coins if device OR paper is lost; this is very important. For optimized security store both where they cannot be found (but maybe tell someone in case you leave the earth).
- Good to know: If the Nanovault.io web wallet is offline, there are other clones of this site available, just ask in the Nano community. There is also a tool that can be used as a very last resort to extract the seed. This will be less of a problem when the nanovault.io desktop version is released with Ledger support (and others).
Well, this is the last method mentioned but not necessarily the best. By far the least accessible and convenient, but unquestionably the most secure storage option, is keeping only the Nano seed itself. The weakness lies in how that seed is generated and stored. Preferably it is generated on a secure offline computer and never pocketed from the network, but is the computer really secure and how will you store the seed? An old disconnected phone or computer may suffice but the most secure way is probably engraved on a steel plate locked in a vault.
While the seed alone is the most stable method and can never fail as long as the network itself lives on, I would not personally use this method. It’s just too inconvenient and the seed will be exposed the second it’s entered somewhere (if not signed offline). The nice thing with Nano though is the possibility to use an air-gapped computer (offline) to receive AND send Nano! It relies on copying and pasting certain key strings (by any choice of method) between the computers and signing the transaction. There is a video demonstrating this but it might be a bit outdated since it was made before the introduction of universal blocks. There is also this demo with instructions on how to sign transactions with an offline phone using QR codes and never expose the private keys (though this has not been released). A more user-friendly offline signing will probably be developed soon enough.
- Pros: Strongest security and does not rely on anything other than the network itself
- Cons: Inconvenient
- Precautions: Never generate a seed online. Use a secure offline air-gapped computer together with an official wallet downloaded from an official site, or use one of the vanity address generators available. Use an encrypted disk image or hard drive when possible to increase security if the computer is stolen. Do not pocket the account until you need the Nano, to minimize seed exposure online, or sign transactions using an offline device. Be aware of key-loggers, hidden cameras, etc.
When you are using a laptop, tablet or phone, avoid free public WiFi or prefer networks that require a password. It will be harder for a hacker to set up a fake access point if you got a random password from the hotel reception. Avoid sites that are using HTTP combined with login, as your credentials will be sent unencrypted (HTTPS is encrypted). If using HTTP, then use a trusted VPN service if possible, as it will encrypt all traffic.
For any site you visit, make sure to verify the correct URL before logging in (or use bookmarks), because sites have been mirrored from the original under a very similar URL, or with similar characters that are impossible to detect with your eyes. I recommend using the Punycode Alert extension for Chrome or enabling “network.IDN_show_punycode” in Firefox. Checking for a valid SSL cert does not give much value today.
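The URL check described above, as an added example that is not part of the original article: it shows a host both as the browser may display it and in the `xn--` form that is actually resolved, and flags hosts that are not bookmarked but look like one that is. The bookmark list (two wallet sites named in this article), the 0.8 similarity threshold and the function names are assumptions.

```python
import difflib
from urllib.parse import urlsplit

# Assumption: the reader's own bookmarks; both hosts are wallets named in the article.
BOOKMARKED = {"nanovault.io", "nanowallet.io"}
SIMILARITY_THRESHOLD = 0.8  # assumed cut-off for "very similar" host names


def to_unicode(label):
    """Decode one DNS label from punycode (xn--...) to the characters a browser may show."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label


def to_ascii(label):
    """Encode one DNS label to the xn-- form that is actually sent to DNS."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def check_url(url):
    """Return (verdict, ascii_host, displayed_host) for the host part of url."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    ascii_host = ".".join(to_ascii(label) for label in labels)
    shown_host = ".".join(to_unicode(label) for label in labels)
    # A bookmarked host or one of its subdomains is accepted as-is.
    if any(ascii_host == b or ascii_host.endswith("." + b) for b in BOOKMARKED):
        return "bookmarked", ascii_host, shown_host
    # Compare what the eye sees against each bookmark.
    closest = max(
        difflib.SequenceMatcher(None, shown_host, b).ratio() for b in BOOKMARKED
    )
    if closest >= SIMILARITY_THRESHOLD:
        return "lookalike", ascii_host, shown_host
    is_idn = ascii_host != shown_host  # contains non-ASCII or punycode labels
    return ("idn" if is_idn else "unknown"), ascii_host, shown_host
```

A host spelled with a Cyrillic "а" in place of the Latin "a" comes back as `lookalike` together with its `xn--` form, which is the same information the Firefox setting exposes in the address bar.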
Also, make sure to use strong passwords that have not been used anywhere else. 123456 is still the most common password; that is not OK. I strongly recommend using a password manager such as 1Password. It can generate a strong random password for any service, and the browser extension will both create new entries for you and fill in the credentials when needed. As always, the combined security is no stronger than the weakest link in the chain, in this case the master password. Make sure your devices are secured as well, with passwords or biometrics as a bare minimum.
Good luck in the world of cryptocurrencies and remember to keep your seed safe and preferably with extra backup! Don’t hesitate to visit the Nano community for more inspiration, ideas and support.
Special thanks to the community for helping me refine this article.
Owner of nanolinks.info and with cryptocurrencies experience since 2013. Profession: Application manager, software developer and IT-security.
You can find me on Reddit